Cyber Security Fundamentals

Questions and Answers

What is the primary focus of application security?

Keeping software and devices free of threats (correct)

Managing user identities and access

Protecting the physical network infrastructure

Securing remote access to networks

Endpoint security aims to protect remote access to an organization’s network.

True

What is the process of understanding the access every individual has in an organization called?

Identity management

Data security protects the integrity and privacy of data both in _______ and in transit.

storage

Match the following elements of cyber security with their descriptions:

Network security = Protecting the infrastructure from unauthorized access Data security = Safeguarding company and customer information Cloud security = Securing files in digital environments Operational security = Processes for handling and protecting data assets

What approach to cyber security does the National Cyber Security Alliance (NCSA) recommend?

Top-down approach

The traditional perimeter-based model is still the most recommended method for cyber security.

False

What are 'crown jewels' in the context of cyber security?

The most valuable information requiring protection within an organization.

NCSA's guidelines for cyber risk assessments focus on three key areas: identifying 'crown jewels', identifying threats, and outlining the potential _____ incurred from data loss.

damage

Match the following cyber security practices with their descriptions:

Continuous monitoring = A data-focused security approach Cyber risk assessment = Identifying and managing risks to valuable information Mitigation plan = Strategies to reduce cyber risk Incident response = Restoring operations after a cyber incident

Study Notes

Elements of Cyber Security

• Network Security: Involves protective measures for the network infrastructure against unauthorized access, misuse, or damage, ensuring a secure operating platform for devices and users.
• Application Security: Aims to keep software free of threats, beginning security measures at the design phase and requiring consistent updates and testing to counteract vulnerabilities.
• Endpoint Security: Focuses on securing remote access points to prevent potential data breaches.
• Data Security: Protects the integrity and confidentiality of company and customer information during storage and transmission.
• Identity Management: Involves tracking and managing individual access rights within an organization.
• Database and Infrastructure Security: Protective measures for physical devices and databases are critical elements of network safety.
• Operational Security: Encompasses protocols and decisions regarding data management, including user permissions and data handling processes.
• Cloud Security: Addresses the protection of data stored in digital environments, emphasizing secure access.
• Proactive Approaches: Cyber security should incorporate continuous monitoring and real-time assessments rather than relying solely on traditional perimeter defenses.

Managing Cyber Security

• Top-Down Approach: Effective cyber security requires strong leadership from corporate management to prioritize security initiatives across the organization.
• Incident Preparedness: Companies need to plan for cyber incidents to restore operations and protect their reputation and assets.
• Cyber Risk Assessments: Focus on identifying critical data, assessing potential risks, and understanding the consequences of data breaches.

Cyber Safety Tips

• Software Updates: Regularly update operating systems and software to benefit from the latest security enhancements.
• Use Anti-virus Software: Utilize reliable security solutions and keep them updated for effective protection.
• Strong Passwords: Create complex and unique passwords to thwart unauthorized access.
• Email Caution: Avoid opening attachments or clicking links from unfamiliar senders to mitigate malware risks.
• Secure WiFi: Be cautious when using public WiFi networks to prevent interception of data through man-in-the-middle attacks.

Cyber Security vs. Network Security

• Definitions: Cyber security is broader, focusing on data security aspects in storage and transit, while network security specifically protects IT infrastructure and access limitations.

Cyber Security vs. Information Security

• Subsets: Cyber security is a subset of information security, aiming to ensure data security across various platforms.

Common Cyber Threats

• SQL Injection: A method where attackers exploit vulnerabilities to manipulate databases and steal information.
• Phishing: Cybercriminals impersonate legitimate companies to solicit sensitive personal information from individuals.
• Man-in-the-Middle Attack: Intercepts communication between two parties to eavesdrop or steal data.
• Denial-of-Service Attack: Overloads a system with traffic, preventing legitimate requests from being fulfilled.

Security Risks

• Personally Identifiable Information (PII): Risks include theft of sensitive data like Social Security Numbers and bank details.
• Identity Theft: Involves unauthorized access to personal information for fraudulent purposes.

Hardware Cyber Security Concerns

• Potential vulnerabilities pertain to various devices including network systems, banking systems, and industrial control systems.

Future Cyber Security Considerations

• Security measures must adapt to counter increasingly sophisticated cyber threats, highlighting the need for continuous adaptation and education within organizations.

Security Analytics

• The base-rate fallacy illustrates the complexities of interpreting phishing detection accuracies and emphasizes the importance of understanding data probabilities in security assessments.

Description

Explore the essential elements of cyber security including network security, which protects the infrastructure from unauthorized access and misuse. This quiz delves into various measures used to secure networks and ensure safe operations for users and programs.